目的

在CentOS7系统上使用netns(network namespace)和tc(Traffic control)来搭建网络拓扑，并设置带宽、丢包、时延等参数来构建不同的网络环境。

配置

拓扑

• host为宿主机，可以是虚拟机、物理机
• h1、r1/r2/r3/r4 、c1/c2/c3为netns
• h1和host相连，这样可以访问host的网络。
• r1/r2/r3/r4模拟路由器，在r1、r2、r3上用tc配置不同的时延、带宽、丢包率等，模拟出三条不同的网络链路。
• c1、c2、c3为三个客户端，通过路由设置分别走r1、r2、r3三条不同的路径去访问host或者h1。

---------r1--------            ---c1
         /                   \          /
        /                     \        /
 host--h1----------r2----------r4-----------c2
        \                     /        \
         \                   /          \
          ---------r3--------            ---c3

配置

拓扑配置脚本如下：

#!/bin/bash
#
#
#           ---------r1--------            ---c1
#          /                   \          /
#         /                     \        /
#  host--h1----------r2----------r4-----------c2
#         \                     /        \
#          \                   /          \
#           ---------r3--------            ---c3

ip netns add h1
ip netns add r1
ip netns add r2
ip netns add r3
ip netns add r4

ip link add veth-h1-r1 type veth peer name veth-r1-h1
ip link add veth-h1-r2 type veth peer name veth-r2-h1
ip link add veth-h1-r3 type veth peer name veth-r3-h1

ip link add veth-r1-r4 type veth peer name veth-r4-r1
ip link add veth-r2-r4 type veth peer name veth-r4-r2
ip link add veth-r3-r4 type veth peer name veth-r4-r3

ip link set veth-h1-r1 netns h1
ip link set veth-h1-r2 netns h1
ip link set veth-h1-r3 netns h1


ip link set veth-r1-h1 netns r1
ip link set veth-r1-r4 netns r1

ip link set veth-r2-h1 netns r2
ip link set veth-r2-r4 netns r2

ip link set veth-r3-h1 netns r3
ip link set veth-r3-r4 netns r3

ip link set veth-r4-r1 netns r4
ip link set veth-r4-r2 netns r4
ip link set veth-r4-r3 netns r4

ip netns exec h1 ip addr add 10.0.1.1/24 dev veth-h1-r1
ip netns exec h1 ip addr add 10.0.3.1/24 dev veth-h1-r2
ip netns exec h1 ip addr add 10.0.5.1/24 dev veth-h1-r3
ip netns exec h1 ip link set dev veth-h1-r1 up
ip netns exec h1 ip link set dev veth-h1-r2 up
ip netns exec h1 ip link set dev veth-h1-r3 up

ip netns exec r1 ip addr add 10.0.1.2/24 dev veth-r1-h1
ip netns exec r1 ip addr add 10.0.2.1/24 dev veth-r1-r4
ip netns exec r1 ip link set dev veth-r1-h1 up
ip netns exec r1 ip link set dev veth-r1-r4 up

ip netns exec r2 ip addr add 10.0.3.2/24 dev veth-r2-h1
ip netns exec r2 ip addr add 10.0.4.1/24 dev veth-r2-r4
ip netns exec r2 ip link set dev veth-r2-h1 up
ip netns exec r2 ip link set dev veth-r2-r4 up

ip netns exec r3 ip addr add 10.0.5.2/24 dev veth-r3-h1
ip netns exec r3 ip addr add 10.0.6.1/24 dev veth-r3-r4
ip netns exec r3 ip link set dev veth-r3-h1 up
ip netns exec r3 ip link set dev veth-r3-r4 up

ip netns exec r4 ip addr add 10.0.2.2/24 dev veth-r4-r1
ip netns exec r4 ip addr add 10.0.4.2/24 dev veth-r4-r2
ip netns exec r4 ip addr add 10.0.6.2/24 dev veth-r4-r3
ip netns exec r4 ip link set dev veth-r4-r1 up
ip netns exec r4 ip link set dev veth-r4-r2 up
ip netns exec r4 ip link set dev veth-r4-r3 up

ip netns exec h1 ip route add 10.0.2.0/24 via 10.0.1.2
ip netns exec h1 ip route add 10.0.4.0/24 via 10.0.3.2
ip netns exec h1 ip route add 10.0.6.0/24 via 10.0.5.2
ip netns exec h1 sysctl -w net.ipv4.ip_forward=1

ip netns exec r1 sysctl -w net.ipv4.ip_forward=1
ip netns exec r2 sysctl -w net.ipv4.ip_forward=1
ip netns exec r3 sysctl -w net.ipv4.ip_forward=1


# 在r3 绑定源IP地址，可以ping通h1或者host
# ip netns exec r4 ping -I 10.0.2.2 
# ip netns exec r4 wget --bind-address 10.0.2.2
#ip netns exec r4 ip route add 10.0.1.0/24 via 10.0.2.1 table 4002
#ip netns exec r4 ip route add 10.0.3.0/24 via 10.0.4.1 table 4004
#ip netns exec r4 ip route add 10.0.5.0/24 via 10.0.6.1 table 4006
ip netns exec r4 ip route add default via 10.0.2.1 table 4002
ip netns exec r4 ip route add default via 10.0.4.1 table 4004
ip netns exec r4 ip route add default via 10.0.6.1 table 4006

ip netns exec r4 ip rule add from 10.0.2.2 table 4002
ip netns exec r4 ip rule add from 10.0.4.2 table 4004
ip netns exec r4 ip rule add from 10.0.6.2 table 4006

ip netns exec r4 sysctl -w net.ipv4.ip_forward=1

# 和host相通
ip link add veth-host-h1 type veth peer name veth-h1-host
ip link set veth-h1-host netns h1
ip netns exec h1 ip addr add 192.168.111.2/24 dev veth-h1-host
ip netns exec h1 ip link set dev veth-h1-host up

ip addr add 192.168.111.1/24 dev veth-host-h1
ip link set dev veth-host-h1 up
ip route add 10.0.0.0/16 via 192.168.111.2 dev veth-host-h1
sysctl -w net.ipv4.ip_forward=1


ip netns exec r1 ip route add 192.168.111.0/24 via 10.0.1.1
ip netns exec r2 ip route add 192.168.111.0/24 via 10.0.3.1
ip netns exec r3 ip route add 192.168.111.0/24 via 10.0.5.1

# 添加3个client
ip netns del c1
ip netns del c2
ip netns del c3

ip netns add c1
ip netns add c2
ip netns add c3
ip link add veth-r4-c1 type veth peer name veth-c1-r4
ip link add veth-r4-c2 type veth peer name veth-c2-r4
ip link add veth-r4-c3 type veth peer name veth-c3-r4

ip link set veth-r4-c1 netns r4
ip link set veth-r4-c2 netns r4
ip link set veth-r4-c3 netns r4

ip netns exec r4 ip addr add 172.16.10.1/24 dev veth-r4-c1
ip netns exec r4 ip addr add 172.16.20.1/24 dev veth-r4-c2
ip netns exec r4 ip addr add 172.16.30.1/24 dev veth-r4-c3

ip netns exec r4 ip link set dev veth-r4-c1 up
ip netns exec r4 ip link set dev veth-r4-c2 up
ip netns exec r4 ip link set dev veth-r4-c3 up


ip link set veth-c1-r4 netns c1
ip link set veth-c2-r4 netns c2
ip link set veth-c3-r4 netns c3

ip netns exec c1 ip addr add 172.16.10.2/24 dev veth-c1-r4
ip netns exec c2 ip addr add 172.16.20.2/24 dev veth-c2-r4
ip netns exec c3 ip addr add 172.16.30.2/24 dev veth-c3-r4

ip netns exec c1 ip link set dev veth-c1-r4 up
ip netns exec c2 ip link set dev veth-c2-r4 up
ip netns exec c3 ip link set dev veth-c3-r4 up

ip route add 172.16.0.0/16 via 192.168.111.2
ip netns exec h1 ip route add 172.16.10.0/24 via 10.0.1.2
ip netns exec h1 ip route add 172.16.20.0/24 via 10.0.3.2
ip netns exec h1 ip route add 172.16.30.0/24 via 10.0.5.2

ip netns exec r1 ip route add 172.16.10.0/24 via 10.0.2.2
ip netns exec r2 ip route add 172.16.20.0/24 via 10.0.4.2
ip netns exec r3 ip route add 172.16.30.0/24 via 10.0.6.2

ip netns exec c1 ip route add default via 172.16.10.1
ip netns exec c2 ip route add default via 172.16.20.1
ip netns exec c3 ip route add default via 172.16.30.1

ip netns exec r4 ip rule add from 172.16.10.2 table 4002
ip netns exec r4 ip rule add from 172.16.20.2 table 4004
ip netns exec r4 ip rule add from 172.16.30.2 table 4006

tc设置脚本如下

ip netns exec r1 tc qdisc add dev veth-r1-r4 root handle 1: htb default 1
ip netns exec r1 tc class add dev veth-r1-r4 parent 1: classid 1:1 htb rate 1000mbit
ip netns exec r1 tc qdisc add dev veth-r1-r4 parent 1:1 handle 10: netem delay 15ms 2ms loss 5% reorder 2% limit 500

ip netns exec r2 tc qdisc add dev veth-r2-r4 root handle 1: htb default 1
ip netns exec r2 tc class add dev veth-r2-r4 parent 1: classid 1:1 htb rate 500mbit
ip netns exec r2 tc qdisc add dev veth-r2-r4 parent 1:1 handle 10: netem delay 50ms 10ms reorder 0.5% limit 1000

ip netns exec r3 tc qdisc add dev veth-r3-r4 root handle 1: htb default 1
ip netns exec r3 tc class add dev veth-r3-r4 parent 1: classid 1:1 htb rate 50mbit
ip netns exec r3 tc qdisc add dev veth-r3-r4 parent 1:1 handle 10: netem delay 30ms 5ms reorder 0.5% limit 1000

测试

以下命令就可以成c2访问host的80端口了：

ip netns exec c2 curl -w "Download rate: %{speed_download} bytes/sec\n" -vo /dev/null http://192.168.111.1:80/2M